Security Resources for Joomla

Published by Vic Drover

Like all open source software, the underlying codebase can always be scrutinized by attackers with the will and ability to find exploits. The flip-side of this equation is that popular and active open source software projects like Joomla have been hardened against nearly all of the published exploits and are generally considered quite safe.

Despite this, it is not possible to have a website that is both publicly accessible and 100% secure. Security is a continual process of learning and website hardening that should always be considered a ‘work in progress’.

To help you on your journey of website security with Joomla, we’ve prepared this collection of resources that can be used to keep your Joomla site safe.

Your Joomla website

Since 1-in-3 Joomla sites run on outdated, vulnerable software, keeping your sites updated is critically important. All Joomla sites using version 2.5 or greater can be updated with just a few clicks from the site backend.

Joomla Security Checklist

The Joomla Security Checklist is the perfect place to start when it comes to maintaining a secure Joomla website.

The list includes great advice for choosing a secure web host, managing file permissions, optimal Joomla configuration, what do do if you have been hacked, and more.

Be sure to take some time to read through and understand the basics of each section.

Joomla also provides a number of additional security resources on their general Joomla Security page that are a great way to grow your security knowledge.

Vulnerable Extension List & Security News

Another great list for keeping your site secure is the Vulnerable Extensions List or (VEL). The VEL is a catalog all of the known exploits in 3rd-party Joomla extensions.

Monitoring this list by signing up for email alerts is a great way to be notified when non-core add-ons report an exploit that may affect your sites.

Joomla also maintains an RSS feed for security issues in the Joomla core, though users of Joomla 3.5 and greater will be notified about these when patches are released for their version of Joomla via the Joomla update notification plugin. Nonetheless, we still recommend that you sign up to be notified via email when security issues arise in the Joomla core.

Security patches for end-of-life versions

Joomla 2.5 and 1.5 have reached end-of-life (EOL) status, meaning that they are no longer supported. However, a few critical security issues have arisen for these versions that should be patched until the site can be upgraded to the latest version of Joomla.

To make it easier to apply updates for EOL Joomla versions, below you will find links to security patches that may be installed from the Joomla backend or bulk-installed using the Remote Installer in Watchful.

The Joomla Community Magazine

The Joomla Community Magazine can be a great resource for security information and advice. We recommend that you regularly visit out the Administrators Toolkit area for security-related posts such as:

But there are numerous small steps you can take that make the pathway to your data just a bit more difficult.

The Blogosphere

The internet is continually publishing new items on website security and Joomla of course is a common topic. We recommend that you regularly head over to your favorite search engine and search for Joomla security and filter for recent articles.

For example, we just found this great Complete 10 Step Guide to Joomla Security.

Here at Watchful we’ve also written extensively about security. For example, checkout 7 tips to improve the security of your Joomla template and Security Best Practices for Joomla Webdesign Agencies.

Trusted security extensions

Joomla has many security softwares listed in the official directory of Joomla software.

We recommend that you review the popular items in this category and see which ones make sense for your particular need.

We recommend choosing a Web Application Firewall such as Akeeba Admin Tools and RSFirewall. You may also try OSE Anti-Virus for Joomla a virus scanning extension that scan Joomla as well as other files on the server, and has the ability to quarantine detected files.

The Official Joomla Security Forums

If you’ve read this far, and followed the links above, you’re well on your way to maintaining a safe and secure Joomla website. But if you still have questions, be sure to pose a question in the security forums at

Separate security boards are maintained for Joomla 1.52.x and 3.x. Be sure to post in the correct place, and never ever post and personal information about your site or server.

Security extends past your website

Security doesn’t end at your website. How you manage

Categories: Blog


Leave a Reply

Your email address will not be published. Required fields are marked *